Skip to content

winnpixie/log4noshell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits

src/main

src/main

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

log4noshell-0.4-SNAPSHOT-shaded.jar

log4noshell-0.4-SNAPSHOT-shaded.jar

 
 

pom.xml

pom.xml

 
 

Repository files navigation

Log4NoShell

A Java Agent that disables Apache Log4J's JNDI Lookup to aid against CVE-2021-44228 ("Log4Shell").

If possible, update your program to use the latest Log4J version, as the vulnerability is fixed as of version 2.17.1. Otherwise, download log4noshell-0.4-SNAPSHOT-shaded.jar and continue reading.

Usage

To use Java Agents, you must specify them with the -javaagent argument.
java -jar -javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar Program.jar

Minecraft

Please read Mojang's response to the matter to determine if you need this patcher.

  • Client:
    1. Go to the Installations tab in the launcher
    2. Click on the three dots on the right side of the version you'd like to use
    3. Click Edit
    4. Scroll down and click on More Options
    5. Add -javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar to the JVM Arguments text-field
      • -javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar -Xms2G -Xms2G...
    6. Click Save
  • Server:
    1. Add -javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar somewhere before the -jar in your launch/start/run command
      • java -javaagent:path/to/log4noshell-0.4-SNAPSHOT-shaded.jar -jar minecraft_server.jar

About

Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."

nvd.nist.gov/vuln/detail/CVE-2021-44228

Topics

security log4j apache vulnerability patch cve

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages